Collecting Information Regarding Consumer Click-Through Traffic

ABSTRACT

A method and system for providing the centralized collection of click-through traffic information. The method includes receiving a DNS query for a domain name at a third party auditing service from a requesting computing resource. The domain name is configured to include click-through information as a subdomain, and wherein a URL associated with the domain name provides content. The click-through information is parsed from the domain name without establishing a connection between said third party auditing server and any web server providing the content. An IP address for the web server associated with the domain name is sent to the requesting computing resource.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.13/403,961, filed Feb. 23, 2012, now U.S. Pat. No. 8,874,735, which is acontinuation of U.S. application Ser. No. 12/125,677, filed May 22,2008, now U.S. Pat. No. 8,145,762, which claims priority to and thebenefit of Provisional Application No. 60/931,395 to Timothy P. Barber,entitled “System and Method for Centrally Collecting Real-TimeInformation Regarding Consumer Clickthrough Traffic,” filed on May 22,2007, all of which are herein incorporated by reference in theirentirety.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention is generally directed to the transfer ofinformation over a communication network. Specifically, the presentinvention relates to the collection of information related to consumerclick-through traffic through the use of an authoritative domain nameserver.

2. The Relevant Technology

The internet creates new ways to transfer information between usersthroughout the world. Ever evolving services as implemented through theinternet provide for the communication of information for business,education, work, private, and social purposes. As a result, theseservices attract increasing numbers of users to the internet year afteryear.

More particularly, advertising through the internet is an effective wayto promote products and services directly to targeted consumers.Different methods have been created for presenting advertising over theinternet and the corresponding payments by the advertisers fordisplaying the advertising.

For example, pay-per-click (PPC) advertising allows for web sites, as apublisher, to display advertising that include links that when actuatedbrings a consumer directly to the advertiser's web site. Theseadvertisements may be managed by the owner of the web site, by anadvertising network (e.g., search engine) that is used by a consumer toaccess the web site, or by a combination of both.

In another example, a search engine directly displays advertising orsponsored links during the course of a consumer's search request. Inthis case, when a consumer enters a search query, a list of web siteresults is returned. In addition, advertising in the form of sponsoredlinks to various websites are also provided that can be targeted to theconsumer based on the search terms used in the query.

In each of these cases, the advertiser will pay to those who manage theadvertising a fee whenever a consumer clicks on the advertising. Forinstance, the advertiser may pay a fee to the owner of the web site uponwhich the advertising is displayed, the search engine used to access theweb site, or a combination of both. More specifically, a search engineis capable of tracking the click-through activity by consumers for aparticular advertisement. As such, the search engine can produce reportsthat provide various search click-through statistics, as well as abilling activity related to the click-through statistics. Based on thereport, the advertiser will pay a certain fee for tracked and validclick-throughs.

However, click fraud may distort the actual number of validclick-throughs for a particular advertisement. Click fraud may beimplemented by a number of parties, to include the web site owner thathosts the advertising itself clicking on the advertisement forcollection of more fees, a competitor of the advertiser for purposes ofmaking the advertiser increase or reach prematurely their advertisingbudget by paying for irrelevant clicks, etc.

In response, publishers of advertising and search engines haveimplemented various filters to identify the number of fraudulentclick-throughs. As such, the advertiser need not pay for invalidclick-throughs. However, these filtering techniques typically areguarded by the implementing search engine, and are not released to thegeneral public or to the advertisers relying on the filtering in orderto pay for valid and the most effective internet advertising. That is,while a report may indicate the number of fraudulent click-throughs, theadvertiser has no way to verify that the number reflects the actualnumber of fraudulent click-throughs. As a result, third party auditingservices that monitor click-through rates have evolved to provideadditional statistical data for purposes of verifying click-throughreports provided to advertisers.

SUMMARY OF THE INVENTION

A method and system for providing the centralized collection ofclick-through traffic information. The method includes receiving at afirst server a first request for content from a requesting computingresource. The first request is associated with a first uniform resourcelocator (URL). Information is collected from a header of the firstrequest. For instance, the information is related to click-throughtraffic. A URL redirect command is sent to the requesting computingresource so that the computing resource issues a second request for thecontent from a second URL. The second URL is associated and supported bya second server. The information is included in the domain name of thesecond URL in the URL redirect command to enable transfer of theinformation to a third party auditing server without establishing aconnection between the third party auditing server and any web serverproviding the content. The third party auditing server supports domainname resolution for the second URL. Additionally, the method providesfor receiving a domain name service (DNS) query for the domain name ofthe second URL at the third party auditing server from the requestingcomputing resource. The information is parsed from the DNS query, andmore specifically, from the domain name included within the DNS query.An internet protocol (IP) address for the domain name is sent to therequesting computing resource.

The system for providing centralized collection of click-through trafficinformation includes a third party auditing service. More specifically,the third party auditing service supports domain name resolution as wellas the collection of click-through traffic information. For instance,the third party auditing service supports domain name resolution fordomain names configured to include subdomains comprising a delimiterseparating a string of click-through information and a sub-level domainof a corresponding domain name. The third party auditing service isconfigured to parse the string of click-through information from thecorresponding domain name when responding to a corresponding DNS query.The collection of click-through information is provided withoutestablishing a connection between the third party auditing service andany web server providing content that is associated with thecorresponding DNS query.

BRIEF DESCRIPTION OF THE DRAWINGS

Exemplary embodiments are illustrated in referenced figures of thedrawings which illustrate what is regarded as the preferred embodimentspresently contemplated. It is intended that the embodiments and figuresdisclosed herein are to be considered illustrative rather than limiting.

FIG. 1 is a diagram of a communication network that includes a systemthat is capable of supporting the centralized collection ofclick-through traffic information using an authoritative domain nameserver, in accordance with one embodiment of the present invention.

FIG. 2 is a diagram illustrating an exemplary web page as a publisher ofclickable advertisements accessible by a web consumer, in accordancewith one embodiment of the present invention.

FIG. 3 is a data flow diagram illustrating a method of collectingclick-through traffic information using an authoritative domain nameserver, in accordance with one embodiment of the present invention.

FIG. 4 is a flow diagram illustrating a method of collectingclick-through traffic information using an authoritative domain nameserver, in accordance with one embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Reference will now be made in detail to the preferred embodiments of thepresent invention, a method and system for centralized collection ofinformation related to click-through traffic using an authoritativedomain name server. While the invention will be described in conjunctionwith the preferred embodiments, it will be understood that they are notintended to limit the invention to these embodiments. On the contrary,the invention is intended to cover alternatives, modifications andequivalents which may be included within the spirit and scope of theinvention as defined by the appended claims.

Accordingly, embodiments of the present invention are capable ofproviding the centralized collection of real-time information regardingconsumer click-through traffic across numerous, unrelated domain names.More specifically, the collection of the information related toclick-through traffic is obtained without a connection being madebetween the third party auditing service collecting the information andany web server providing the requested content (e.g., an advertiser'sweb page). Once collected, such information could be used for a varietyof purposes, including identification of suspect or fraudulent PPCtraffic. The method is minimally invasive, as it does not interfere withdomain branding, the setting of cookies, or traffic flowing to any givendomain name.

Notation and Nomenclature

Embodiments of the present invention can be implemented on a softwareprogram for processing data through a computer system. The computersystem can be a personal computer, notebook computer, server computer,mainframe, networked computer (e.g., router), handheld computer,personal digital assistant, workstation, and the like. This program orits corresponding hardware implementation is operable for providingcentralized collection of click-through traffic information using anauthoritative domain name service. In one embodiment, the computersystem includes a processor coupled to a bus and memory storage coupledto the bus. The memory storage can be volatile or non-volatile and caninclude removable storage media. The computer can also include adisplay, provision for data input and output, etc.

Some portion of the detailed descriptions that follow are presented interms of procedures, steps, logic block, processing, and other symbolicrepresentations of operations on data bits that can be performed oncomputer memory. These descriptions and representations are the meansused by those skilled in the data processing arts to most effectivelyconvey the substance of their work to others skilled in the art. Aprocedure, computer executed step, logic block, process, etc. is here,and generally, conceived to be a self-consistent sequence of operationsor instructions leading to a desired result. The operations are thoserequiring physical manipulations of physical quantities. Usually, thoughnot necessarily, these quantities take the form of electrical ormagnetic signals capable of being stored, transferred, combined,compared, and otherwise manipulated in a computer system. It has provenconvenient at times, principally for reasons of common usage, to referto these signals as bits, values, elements, symbols, characters, terms,numbers or the like.

It should be borne in mind, however, that all of these and similar termsare to be associated with the appropriate physical quantities and aremerely convenient labels applied to these quantities. Unlessspecifically stated otherwise as apparent from the followingdiscussions, it is appreciated that throughout the present invention,discussions utilizing terms such as “receiving,” “collecting,”“parsing,” or the like refer to the actions and processes of a computersystem, or similar electronic computing device, including an embeddedsystem, that manipulates and transfers data represented as physical(electronic) quantities within the computer system's registers andmemories into other data similarly represented as physical quantitieswithin the computer system memories or registers or other suchinformation storage, transmission or display devices.

Communication Network

Embodiments of the present invention are described within the context ofa web-based system (e.g., internet) for providing centralized collectionof information related to click-through traffic across numerous,unrelated domain names through the use of a DNS server. Moreparticularly, the internet is a collection of communicatively coupledweb servers and web browsers associated with a user's computing resourcethat allow for the transfer of content (e.g., advertisements, web pages,files, etc.) between web sites and various users. For instance, a webuser can access content provided through a web server by requesting auniform resource locator (URL). The URL provides an address within theinternet for accessing a web server, and a file path within the webserver that accesses the file providing the content. In one embodiment,as the content is accessed, click-through information is collected by athird party auditing service through the use of a DNS server withoutestablishing a connection between the third party auditing service andany web server providing the content.

FIG. 1 is an illustration of a communication system 100 that is capableof providing the centralized collection of information related toclick-through traffic across numerous, unrelated domain names, inaccordance with one embodiment of the present invention. Thecommunication system 100 is configured to enable communication betweenone or more users (hereinafter referred to as web consumers) that arecoupled to a communication network 140 for purposes of presenting andviewing content. For example, in one embodiment, the communicationnetwork 140 is the internet, but could be any suitable network capableof supporting an online social networking sites or forums, hereinafterreferred to as online forums.

As shown in FIG. 1, a computing resource (e.g., computer) 110 isassociated with a web consumer. The web consumer via computer 110 isable to access the communication network 140 through the use of a webbrowser 115. That is, the web browser 115 is able to access contentavailable from web servers that are coupled to the communication network140 by requesting a URL that corresponds to the content.

In one particular example, the web consumer through computer 110 is ableto access an advertiser's web page, as content, merely by clicking on alink that provides the URL of the advertiser's web page to the webbrowser 115. For instance, the link is provided in the form of aclickable advertisement that is provided from content viewable by theweb consumer. As shown in FIG. 1, the clickable advertisement isprovided by the publisher 120 of the advertisement. In one case, the webconsumer is viewing a web page provided by the publisher 120, whichincludes a clickable advertisement. In another case, the web consumer isviewing an e-mail message that provides a clickable advertisement. Instill another case, the web consumer is provided with a clickableadvertisement through any available medium.

FIG. 2 is a diagram illustrating an exemplary web page 200 that isaccessible by a web consumer, such as through the web browser 115 ofcomputer 110 in FIG. 1, in accordance with one embodiment of the presentinvention. A URL 205 is provided at the bottom of web page 200 thatindicates how to access web page 200 through the internet. The domainname associated with the web server providing web page 200 is“example.com.” As shown, the content included in web page 200 is a webarticle providing tips on care for a pet with fleas.

In association with the article, web page 200 also includes targetedadvertisements 210 and 220. The owner of web page 200 is known as thepublisher (e.g., publisher 120 of FIG. 1) of the advertisements. Theseadvertisements are targeted to the web consumer by virtue of the factthat the consumer is researching articles on pet care. As such,companies that provide goods or services related to pets may want toadvertise on the web page 200, since they know that users accessing thearticle on web page 200 are more likely to have pets. For example,advertisement 210 is provided by a pet store with a exemplary domainname “websitename.com.” That is, the brand of the domain name isrecognizable as providing goods and services related to pets and isgenerally represented by the term “websitename.com.” In this case, thepet store associated with “websitename.com” is known as the advertiser.

The web consumer may access the web page associated with advertisement210 through various means. For instance, web consumer may click on theclickable link 212. In another case, the web consumer may click anywhereon the advertisement 210. Other means are well supported for selectingadvertisement 210, in other embodiments. In any case, when a click isrecognized as click-through traffic, the web consumer is presented withthe web page associated with the pet store advertiser (e.g., home page).In addition, once the click is registered, the advertiser is responsiblefor click-through fees (e.g., PPC payment) to a search enginemaintaining the advertisement, the publisher of the advertisement (e.g.,the owner of web page 200), a combination of both, etc.

Returning back to FIG. 1, content provider 130 provides the contentassociated with the clickable advertisement associated with publisher120. That is, once the web consumer, through web browser 115 of computer110, clicks on an advertisement, content provider 130 ultimatelyprovides the content (e.g., home page of the advertiser) associated withthe advertisement. For instance, using the example first described inFIG. 2, the content provider 130 could be the pet store associated with“websitename.com.”

As shown in FIG. 1, content provider 130 includes a first web server 150and a second web server 170; as well as any additional web serversneeded to provide the content to the web consumer, as will be describedmore fully with respect to FIGS. 3 and 4. As an introduction, the firstweb server 150 includes a collector 153 that collects click-throughinformation generated from the selection of a clickable advertisementthrough web browser 115. In addition, the first web server 150 includesa redirecting module 156 for purposes of redirecting the request forcontent to the second web server 170. Once the request is redirected,the second web server 170 provides the content 175 to the web browser115 associated with the web consumer making the request for the content.In other embodiments, content provider 130 includes additional webservers that are needed to provide the content 175 to the web consumer,as will be described more fully below.

Also shown in FIG. 1, a third party auditing service 160 is coupled tocommunication network 140. The third party auditing service 160 is ableto provide a central location for the collection of information relatedto click-through traffic for one or more advertisers providing clickableadvertisements. Additionally, the third party auditing service 160 isable to collect information related to click-through traffic whensupporting a domain name lookup when the web browser 115 is accessingthe second web server 170.

More particularly, the third party auditing service 160 supports domainname resolution for domain names configured to include subdomainscomprising a delimiter separating a string of click-through informationand a sub-level domain of a corresponding domain name. The third partyauditing service 160 is configured to parse the string of click-throughinformation from the corresponding domain name when responding to acorresponding DNS query without establishing a connection between thethird party auditing server and any web server providing contentassociated with the corresponding DNS query.

In particular, the third party auditing service 160 includes a collector162 that collects information related to click-through traffic withoutestablishing a connection between the third party auditing service 160and any web server providing the requested content, including those webservers associated with the content provider 130, as will be more fullydescribed in relation to FIGS. 3 and 4. Also, the third party auditingservice 160 includes a storage module 166 for storing the informationrelated to click-through traffic. In addition, the third party auditingservice 160 includes an authoritative domain name server 164 that isconfigured to support domain names that are associated with the contentprovider 130, and wherein the domain names are also configured in aformat that includes corresponding information related to click-throughtraffic for a particular request for content, as will be furtherdescribed in relation to FIGS. 3-4.

Central Collection of Consumer Click-Through Information

FIGS. 3 and 4 in combination illustrate the process for collectinginformation related to click-through traffic using a domain name server,in accordance with one embodiment of the present invention. Inparticular, FIG. 3 is flow diagram 300 illustrating a method forcentralized collection of click-through traffic without establishing aconnection between a third party auditing service and any web serverproviding content that is associated with corresponding click-throughtraffic. FIG. 4 is a data flow diagram 400 illustrating the flow of datain the method outlined in FIG. 3 for capturing click-through trafficusing a DNS server.

Implementation of the features illustrated in the method outlined inFIGS. 3 and 4 is provided through the communication system 100 of FIG.1, in one embodiment. As such, components that are similarly numbered inFIGS. 1 and 4 relate to the same component providing the same feature.As such, data flow diagram 400, as implemented through the communicationsystem 100, provides for the collection of click-through trafficassociated with the request for content coming from a web consumer'scomputer 110 via a web browser 115.

As shown in FIG. 4, components located below line A--A are includedwithin a system for providing centralized collection of informationrelated to click-through traffic, in one embodiment. In otherembodiments, the system includes one or more of the components locatedbelow line A--A. For instance, in one case, the system includes thecontent provider 130 and the third party auditing service 160 workingtogether to provide collection of click-through traffic information. Inother embodiments, the system includes the third party auditing service160 that is able to collect information related to click-through trafficwhen a web consumer is accessing content provided by the contentprovider 130.

Turning now to FIG. 3, a method for collecting information related toclick-through traffic is described in flow diagram 300. At 310, a firstrequest for content is received at a first server from a requestingcomputing resource. The content is associated with a first URL that isprovided by a content provider.

As a representative example, the process outlined at 310 is shown inoperation 1 of flow diagram 400. More specifically, the advertiser, orowner of the web site with the proper domain name “websitename.com”places advertising in a web site, an e-mail, or any suitable advertisingmedium. The advertising is selectable through a click on theadvertisement itself, or on a link, for example. A web consumer, throughcomputing resource 110 and web browser 115 accesses the web site, andclicks on the advertising. As a result, through the clickable linkingmechanism (e.g., hyperlink) provided by the advertising, the web browseris directed to the URL associated with “websitename.com” for access tothe requested content. To the web consumer, the brand (e.g.,“websitename.com”) of the domain name is recognizable and is includedwithin the requested URL. For instance, the first URL is of thefollowing format:

-   -   http://www.websitename.com/PATH0?GET0.

As shown, the first URL shown above includes a fully qualified domainname, “www.websitename.com,” of which the shortened and proper domainname is “websitename.com.” The domain name is associated with the webserver of the web site providing content. In addition, the term“PATH0?GET0” in the first URL outlines the file path utilized by thecorresponding web server to access the content. As such, the request forcontent is directed to the file containing the content that isaddressable through the first URL. In essence, to the web consumer, uponselecting and activating the linking mechanism on the advertising, theweb consumer is accessing the requested content.

At this stage, the web browser 115 or resolving engine associated withweb browser 115 may issue a DNS query to discover the IP address of thedomain name associated with the first URL, wherein the domain name is“websitename.com.” The DNS query is issued to one or more distributeddomain name servers that support the resolving of domain namesthroughout the internet. If one DNS server is unable to support theresolving of the domain name, that DNS server is capable of providingthe address of another DNS server that is closer to resolving the domainname. Eventually, one of at least one appropriate DNS server is accessedand the proper IP address associated with the domain name is accessed,that is, one or more DNS servers may support resolving of the IP addressthat is associated with the domain name. The IP address is then returnedto the web browser 115 from the authoritative DNS server, and is used toestablish a session between the web browser 115 and the web site fortransfer of content. As such, the web browser 115 is able to establish acommunication session, using the hypertext transfer protocol (HTTP),with the first server 150, whereupon the first request for content issent to the first server 150. HTTP is a communication protocol used fortransferring information across the communication network 140 (e.g.,internet) that establishes a communication session between a web browser115 (user agent) and a web site (e.g., web server). The first requestand any other request for content can be referred to as an HTTP request,or a URL request for purposes of this application.

At 320, information from the header of the first request is captured orcollected by the first server 150. More specifically, click-throughinformation related to the request for content from the first URL iscollected. For instance, as a representative example, collector 153 ofthe first web server is capable of collecting and assembling attributesthat are present in the first HTTP or URL request. The collection andassembling functions may be implemented through a program running on thefirst server 150. These attributes are associated with informationrelated to click-through traffic pertaining to the request for content.

In one embodiment, the collected information is encoded into analphanumeric string. Data pieces of the resulting string of informationis separated by delimiters. As a result, the combined data string ofinformation and delimiters provide the click-through trafficcorresponding to the original request for content.

In one embodiment, the combined data string of information is hashed forsecurity purposes. For instance, a secret key (e.g., a string of text)may be used for purposes of hashing the combined string of information.The cryptographic hashing function (e.g., MD5, SHA1, etc.) is performedon the concatenation of the secret key and the combined data string toobtain a hash value. In one embodiment, an “INFO” string is created thatincludes the combined data string appended to the computed hash value.This “INFO” string is used as the string of information related to theclick-through traffic that now has been hashed.

The attributes include the following standard HTTP header attributes, inone embodiment:

-   -   Consumer Useragent String: “USER AGENT”;    -   Customer Remote IP Address: “REMOTE_ADDR”;    -   Customer Proxy IP Address: “X_FORWARDED_FOR”; and    -   URL of Referring Page: “HTTP_REFERRER.”

More particularly, collected information identifies the web consumer andmore particularly, the web browser on the consumer's computer. Inaddition, the customer information identifies the advertiser. Also, thereferring page information identifies the publishing web site, or theweb site that contains the clickable advertising. In one specific case,the URL of the referring page may be shortened for convenience. Forexample, the shortened version is limited to the domain name of thereferring page, as opposed to the fully qualified domain name version.

In addition, other collected information includes attributes relating tothe transmission control protocol/internet protocol (TCP/IP) stackimplementation that is based upon the TCP/IP connection that supportsthe communication (e.g., HTTP) session. For instance, the stackimplementation may include routing information through the communicationnetwork 140 of FIG. 1.

Also, other collected information relating to click-through trafficprovides the specific target IP address, as discovered above. That is,the target IP address is the address of the first web server 150 towhich the first URL is directed.

In addition, collected information includes a client identifier, such asa “client ID.” That is, a number assigned to the advertising client isassigned by the third party auditing service 160 and is collected asclick-through information.

Further, collected information includes an advertising campaignidentifier, such as a “campaign ID.” For instance, a number that isassigned to a particular advertising campaign is collected asclick-through information. In one embodiment, the campaign identifier isincluded in the variables defining the file path “PATH0?GET0.”

At 330, a URL redirect command is sent to the requesting computingresource. In that manner, upon receipt of the URL redirect, thecomputing resource issues a second request for the content from a secondURL that is associated with a second server. More specifically, forpurposes of the present invention, the first URL serves as a virtual orproxy web address for accessing the requested content. That is, thecontent is not necessarily provided at the first URL, but at anassociated URL (e.g., the second URL) through a redirect command. As aresult, through the redirect command, information related to theclick-through traffic in association with the first request for contentcan be collected, as will be described below in relation to 340.

As a representative example, the process outlined in 330 is shown inoperation 2 of flow diagram 400. More specifically, the redirectingmodule 156 of the first web server 150 is capable of issuing a redirectcommand to the web consumer's computing resource 110. That is, insteadof providing access to the content at the first URL, the content isprovided at another URL through a redirect command. In one embodiment,the content is provided through one or more redirect commands forpurposes of collecting information related to click-through trafficassociated with the original request. As a result, the computingresource 110 through its web browser 115 is instructed to issue a secondHTTP request for the content from a second URL.

Various means are supported for redirecting the HTTP request, inembodiments of the present invention. For instance, in one embodiment,the redirect is accomplished through a 301 redirect. In anotherembodiment, the redirect is accomplished through an “HTTP 302” locationheader redirect. In still other embodiments, the redirect isaccomplished through a meta refresh command, or a page replacementcommand that is executed by a scripting language such as JavaScript.

At 340, the information relating to the click-through traffic associatedwith the original request for content is included in the domain name ofthe second URL in the URL redirect command. As a representative example,as a continuation of operation 2 of data flow 400, the redirectingmodule 156 is capable of including the information in the domain name ofthe second URL.

Specifically, the domain name of the second URL includes the combineddata string of information, previously described. For purposes of thisexample, the combined data string is represented by the term “INFO,”which may or may not comprise a hashed value. Inclusion of “INFO” withinthe domain name of the second URL enables the transfer of theinformation related to click-through traffic to a third party auditingserver 160 supporting domain name resolution for the second URL withoutestablishing a connection between the third party auditing server 160and any web server (e.g., server 150 or 170) ultimately providing therequested content. For instance, using the example provided above, thesecond URL is of the following format:

-   -   http://INFO.k.websitename.com/PATH1?GET1.

As shown, the second URL shown above includes a fully qualified domainname, “INFO.k.websitename.com.” In one embodiment, the combined datastring (“INFO”) is a subdomain of the domain name associated with thesecond URL. In one specific embodiment, the domain name associated withthe second URL is configured to include a delimeter separating a stringof click-through information and a sub-level domain (e.g., websitename)of the domain name corresponding to the second URL. In one embodiment,the sub-level domain is the first level domain name (e.g.,“websitename.com).

Specifically, as shown above, the domain name of the second URL isconfigured as “*.k.websitename,” in one embodiment. As such, the “*”term comprises the combined data string of information related toclick-through traffic for any request for the content from any webconsumer. In addition, the term, “k,” comprises a delimeter thatseparates the click-through information from the proper domain name(e.g., “websitename”) associated with both the first and second URLs. Asdescribed above, in one embodiment, the proper domain name comprises afirst level domain name (e.g., “websitename.com”).

It is important to note that the domain name for the second URL includesthe proper domain, “websitename.com,” found in the first URL, so thatthere is an association with the original domain name associated withthe first request for content. In addition, the term “PATH1?GET1” in thesecond URL outlines the file path utilized by the second web server 170to access the content 175 that is addressable through the second URL.

In one embodiment, the inclusion of the information related to theclick-through traffic in the domain name is accomplished without storingthe information at the first web server 150. Storage is unnecessary forpurposes of centralized collection of information, since the first webserver 150 is able to capture the information and include thatinformation in the domain name of the second URL in a redirect command.This provides an added benefit over historical auditing services, whichrequired the collection of the information related to click-throughtraffic at the web server providing access to the content, the storageof the information at the web server, and the later transfer of theinformation in a query log, that includes other click-through traffic,to the auditing service. The communication of the query log introduces alatency in the receipt of the information. In distinction, embodimentsof the present invention provide for the real-time collection of theinformation related to click-through traffic, as each request forcontent is processed.

In one embodiment, the second server 170 comprises the first server 150.That is, the same server supports both the first and second URLrequests. In this case, the IP address for both servers may beidentical; however, the state of the process is known by the domainnames or the file path. As such, when the web server receives a URLrequest, it understands the current state in the process flow 400 forthe collection of information.

Specifically, in the first case, the domain name of the second URL willinclude the additional information related to click-through traffic,thereby distinguishing it from the first URL, which only includes theproper domain name, “websitename.com.” Also, in the second case,although representing access to the same content, the file paths aredifferent from the first URL to the second URL. For instance, the firstfile path includes “PATH0?GET0,” while the second file path includes“PATH1?GET1.” As shown, the file paths also provide state informationrelated to the process of data flow diagram 300 in the collection ofinformation related to click-through traffic.

At 350, a DNS query for the domain name of the second URL is received atthe third party auditing server, from the requesting computing resource.As a representative example, the process outlined at 350 is shown inoperation 3 of flow diagram 400. More specifically, the third partyauditing service 160 receives the DNS query from the web browser 115, aspart of the domain name resolution process. In general, throughout theinternet, each domain or subdomain is associated with at least oneauthoritative DNS server that provides IP addresses to the web server,or web site, servicing the corresponding URL.

The DNS query is issued to one or more distributed domain name serversthat support the resolving of domain names throughout the internet. Inparticular, a process for resolving a domain name is followed, wherebyDNS servers and their corresponding resolvers communicate betweenthemselves to bring the DNS query to the proper set (e.g., one or more)of DNS servers that support the resolving of a corresponding domain nameto an IP address. For instance, if one DNS server is unable to supportthe resolving of the domain name, that DNS server is capable ofproviding the address of another DNS server that is closer to resolvingthe domain name. Eventually, one of the set of appropriate DNS serversis accessed and the proper IP address associated with the domain name isaccessed and returned to the originator of the DNS query, such as theresolver associated with the consumer's computing resource 110.

In one embodiment, one of a set of authoritative DNS servers thatsupports resolving of the proper domain name, “websitename.com” receivesthe DNS query. In the present embodiment, the each of the set of DNSservers is capable of recognizing that additional information isappended as subdomains to the proper domain name. Specifically, “INFO.k”is appended to the front end of the proper domain name,“websitename.com.” As such, upon this discovery of the additionalinformation, the queried authoritative DNS server is able tosub-delegate processing of the DNS query to the third party auditingservice 160. In that manner, the third party auditing service 160 isable to collect information related to click-through traffic by handlingthe DNS query.

As such, in one embodiment, the third party auditing service 160 isconfigured as the DNS name server supporting the resolving of IPaddresses for all domain names configured as “*.k.websitename.” Aspreviously described, the “*” term comprises the combined data string ofinformation related to click-through traffic, and “k” is a delimeterseparating the string from the proper domain name (e.g., “websitename”).In this manner, the third party auditing service 160 is used as theauthoritative DNS server for every redirected request for content by anyweb consumer that is initiated through the clickable advertisement.

More specifically, the proper domain name comprises first and top leveldomains (e.g., “websitename.com”) of the corresponding domain nameassociated with the second URL. In this manner, the third party auditingservice receives all the domain name resolution requests for domainnames of the form “*.k.websitename” (e.g., “INFO.k.websitename.com,”“INFO.k.websitename.org,” etc.). As such, any request for contentoriginating through a clickable advertisement is redirected to thesecond URL including domain names of the above format, which requires aDNS query to resolve the second URL. In this manner, information relatedto click-through traffic for each of those requests is routed to thethird party auditing service 160 for purposes of capture, and possiblyanalysis of the captured data. Each of the second URLs associated with adifferent redirected request is unique, since the information termrelated to click-through traffic of a corresponding request for contentis highly unique. In this way, caching of IP addresses for URLs and adetour around the third party auditing service is avoided because of theuniqueness between each of the second URLs.

At 360, upon receiving the DNS query, the third party auditing serviceparses, captures, or extracts the information (e.g., “INFO”) related tothe click-through traffic included in the domain name of the redirectedURL, or second URL, in the above example. As a representative example,the process outlined in 360 is shown as a continuation of operation 3 ofdata flow diagram 400.

After extraction, the information is stored in association with thethird party auditing service 160 for later access. As an example, datathat is stored can include the time of the DNS request, the combineddata string of information related to click-through traffic, the domainname requested, the IP address of the consumer's computing device 110,etc. As a result, analysis can be performed on click-through informationrelated to a particular content provider (advertiser) for purposes ofdiscovering fraudulent click-through activity.

At 370, an IP address for the domain name requested in the DNS query issent to the requesting computing resource. As a representative example,the process outlined in 370 is shown as operation 4 of data flow diagram400. More specifically, the DNS server 164 of the third party auditingservice 160 is capable of determining the proper IP address associatedwith the domain name included in the redirected URL request, or secondURL request, and sending the IP address back to the web browser 115 ofthe requesting computing resource 110.

In another embodiment, if the information string (e.g., “INFO”) relatedto click-through traffic is hashed, the third party auditing service 160can verify the hash value contained in the “INFO” term. If the value isnot correct, then the IP address is not returned, and the DNS query isignored. On the other hand, if the value is correct, the DNS query isprocessed and the IP address is returned or sent back to the web browser115.

Upon completion of a valid DNS query, the web browser 115 now has avalid IP address for the domain name associated with the redirected orsecond URL (e.g., “INFO.k.websitename.com”). As a result, a second HTTPrequest or URL request is made to the web server providing the requestedcontent. As a representative example, the accessing of the content isoutlined in operation 5 of data flow diagram 400. More specifically, theweb browser 115 sends a second request for the content that is accessedthrough the second URL supported by the second server 170.

In still another embodiment, after receipt of the second HTTP requestfor the second URL, the second web server 170 issues a second URLredirect command to the requesting computing resource 110. The secondredirect is enabled for purposes of providing content in a manner thatis recognizable by the web consumer. For instance, the second URLredirect command includes a domain name for a third URL that is strippedof the information related to click-through traffic. The third URL isassociated with a third server. The information is no longer needed,since it has been captured and stored at the third party auditingservice 160. In this manner, the domain name for the third URL reflectsclosely the original domain name from the original or first HTTPrequest. However, the file path is different for purposes ofdifferentiating state within the process of collecting informationrelated to click-through traffic as outlined in FIGS. 3 and 4. Forinstance, the third URL is of the following format:

-   -   http://www.websitename.com/PATH2?GET2.

In embodiments of the present invention, the third party auditingservice is able to support a plurality of domain names associated with aplurality of clickable advertisements for purposes of collectinginformation related to click-through traffic for each of thecorresponding advertisers. As such, a centralized source is disclosedthat is capable of providing the collection of real-time informationregarding consumer click-through traffic across numerous, unrelateddomain names. More specifically, the collection of the click-throughtraffic is obtained without a connection being made between the thirdparty auditing service collecting the information and any web serverproviding corresponding content that is requested from any of multipleadvertisers supported.

In another embodiment, a method for providing the centralized collectionof click-through traffic information is performed. The method includesreceiving a DNS query for a domain name at a third party auditingservice from a requesting computing resource. The domain name isconfigured to include click-through information as a subdomain, andwherein a URL associated with the domain name provides content. Theclick-through information is parsed from the domain name withoutestablishing a connection between said third party auditing server andany web server providing the content. In addition, an IP address for theweb server associated with the domain name is sent to the requestingcomputing resource.

While the methods of embodiments illustrated in flow chart 3 showspecific sequences and quantity of operations, the present invention issuitable to alternative embodiments. For example, not all the operationsprovided for in the methods presented above are required for the presentinvention. Furthermore, additional operations can be added to theoperations presented in the present embodiments. Likewise the sequencesof operations can be modified depending upon the application.

A method and system for centralized collection of click-through trafficinformation using an authoritative domain name service is thusdescribed. While the invention has been illustrated and described bymeans of specific embodiments, it is to be understood that numerouschanges and modifications may be made therein without departing from thespirit and scope of the invention as defined in the appended claims andequivalents thereof. Furthermore, while the present invention has beendescribed in particular embodiments, it should be appreciated that thepresent invention should not be construed as limited by suchembodiments, but rather construed according to the below claims.

What is claimed is:
 1. A method for collecting user information, themethod comprising: receiving a DNS query at an audit server from a userdevice in response to a selection of a link associated with a contentserver by a user of the user device, wherein the DNS query is for adomain name associated with the link and comprises identifyinginformation associated with the user or the user device; parsing, by theaudit server, the identifying information from the DNS query withoutestablishing a connection with the content server; and storing theidentifying information at the audit server.
 2. The method of claim 1,further comprising: resolving the DNS query into an IP address; andresponsive to the audit server being unable to resolve the DNS queryinto the IP address, providing the address of a DNS server to the userdevice.
 3. The method of claim 1, wherein the DNS query comprises a URLincluding the identifying information in a subdomain of the URL.
 4. Themethod of claim 3, wherein the identifying information in the subdomainof the URL is hashed by the user device.
 5. The method of claim 1,wherein the identifying information comprises information identifyingthe user device.
 6. The method of claim 5, wherein the identifyinginformation comprises an IP address of the user device.
 7. The method ofclaim 1, wherein the identifying information comprises informationidentifying the user of the user device.
 8. The method of claim 1,wherein the identifying information comprises information thatidentifies an advertiser or an advertising campaign.
 9. The method ofclaim 1, wherein the identifying information comprises information thatidentifies one or more of a referring website, a publishing website, atime of the DNS query, a requested domain name, or an IP address of theuser device.
 10. The method of claim 1, further comprising: analyzingthe stored identifying information; and determining if the storedidentifying information is indicative of fraud.
 11. The method of claim1, wherein responsive to the selection of the link by the user device,the user device is configured to generate the identifying informationassociated with the user device and incorporate the identifyinginformation into the DNS query.
 12. An audit server for collecting userinformation comprising a processor and a non-transitory computerreadable medium containing instructions for: receiving a DNS query at anaudit server from a user device in response to a selection of a linkassociated with a content server by a user of the user device, whereinthe DNS query is for a domain name associated with the link andcomprises identifying information associated with the user or the userdevice; parsing, by the audit server, the identifying information fromthe DNS query without establishing a connection with the content server;and storing the identifying information at the audit server
 13. Theaudit server of claim 12, wherein the audit server further containsinstructions for: resolving the DNS query into an IP address; andresponsive to the audit server being unable to resolve the DNS queryinto the IP address, providing the address of a DNS server to the userdevice.
 14. The audit server of claim 12, wherein the DNS querycomprises a URL including the identifying information in a subdomain ofthe URL.
 15. The audit server of claim 14, wherein the identifyinginformation in the subdomain of the URL is hashed by the user device.16. The audit server of claim 12, wherein the identifying informationcomprises information identifying the user device.
 17. The audit serverof claim 16, wherein the identifying information comprises an IP addressof the user device.
 18. The audit server of claim 12, wherein theidentifying information comprises information identifying the user ofthe user device.
 19. The audit server of claim 12, wherein theidentifying information comprises information that identifies anadvertiser or an advertising campaign.
 20. The audit server of claim 12,wherein the identifying information comprises information thatidentifies one or more of a referring website, a publishing website, atime of the DNS query, a requested domain name, or an IP address of theuser device.
 21. The audit server of claim 12, wherein the DNS serverfurther contains instructions for: analyzing the stored identifyinginformation; and determining if the stored identifying information isindicative of fraud.
 22. The audit server of claim 12, whereinresponsive to the selection of the link by the user device, the userdevice is configured to generate the identifying information associatedwith the user device and incorporate the identifying information intothe DNS query.
 23. An audit server for collecting user informationcomprising a processor and a non-transitory computer readable mediumcontaining instructions for: receiving a DNS query at an audit serverfrom a user device in response to the selection of a link by the userdevice, wherein the DNS query comprises identifying informationassociated with the user device; parsing the identifying informationfrom the DNS query; storing the identifying information at the auditserver; and determining whether the stored information is indicative offraud.